authorPatrick Steinhardt <ps@pks.im>2018-07-26 15:41:41 +0200
committerPatrick Steinhardt <ps@pks.im>2018-08-03 09:50:35 +0200
commite38ddc90bf2b77fce422014f2785a9124d21263f (patch)
treeee1b82c238e53c83ab0e3a35e228f5f152cfe318
parent5db64e2f1b05df6620c99073a7798f9f4feabd09 (diff)
downloadlibgit2-e38ddc90bf2b77fce422014f2785a9124d21263f.tar.gz
fuzzers: limit maximum pack object count
By default, libgit2 allows up to 2^32 objects when downloading a packfile from a remote. For each of these objects, libgit2 will allocate up to two small structs, which in total adds up to quite a lot of memory. As a result, our fuzzers might run out of memory rather quickly in cases where they receive as input a packfile with such a huge count of objects. Limit the packfile object count to 10M objects. This is sufficiently big to still work with most largish repos (linux.git has around 6M objects as of now), but small enough to not cause the fuzzer to OOM.
-rw-r--r--fuzzers/download_refs_fuzzer.c3
-rw-r--r--fuzzers/packfile_fuzzer.c4
2 files changed, 7 insertions, 0 deletions
diff --git a/fuzzers/download_refs_fuzzer.c b/fuzzers/download_refs_fuzzer.c
index fd10409d4..3807c09b3 100644
--- a/fuzzers/download_refs_fuzzer.c
+++ b/fuzzers/download_refs_fuzzer.c
@@ -174,6 +174,9 @@ int LLVMFuzzerInitialize(int *argc, char ***argv)
if (git_libgit2_init() < 0)
abort();
+ if (git_libgit2_opts(GIT_OPT_SET_PACK_MAX_OBJECTS, 10000000) < 0)
+ abort();
+
if (mkdtemp(tmp) != tmp)
abort();
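Review bot: The added call passes the plain `int` literal `10000000` through the variadic `git_libgit2_opts`, while, as far as I recall from libgit2's option documentation, `GIT_OPT_SET_PACK_MAX_OBJECTS` is read back as a `size_t`. If that is right, the argument width does not match on LP64 targets and the behaviour is formally undefined, even though it tends to work in practice. Writing `git_libgit2_opts(GIT_OPT_SET_PACK_MAX_OBJECTS, (size_t)10000000)` makes the type explicit. The same call appears in the fuzzers/packfile_fuzzer.c hunk, and LLVMFuzzerInitialize begins and ends outside this hunk.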
diff --git a/fuzzers/packfile_fuzzer.c b/fuzzers/packfile_fuzzer.c
index e7708b9be..a59d28330 100644
--- a/fuzzers/packfile_fuzzer.c
+++ b/fuzzers/packfile_fuzzer.c
@@ -33,6 +33,10 @@ int LLVMFuzzerInitialize(int *argc, char ***argv)
fprintf(stderr, "Failed to initialize libgit2\n");
abort();
}
+ if (git_libgit2_opts(GIT_OPT_SET_PACK_MAX_OBJECTS, 10000000) < 0) {
+ fprintf(stderr, "Failed to limit maximum pack object count\n");
+ abort();
+ }
if (git_odb_new(&odb) < 0) {
fprintf(stderr, "Failed to create the odb\n");
abort();
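Review bot: The `10000000` cap has no comment at the call site, so the reason for it lives only in the commit message. I would add above the new `if`: `/* Fuzzer-only cap so huge advertised object counts cannot OOM the harness; the library default stays unlimited. */`. That also records two consequences for readers: inputs advertising more objects than the cap are presumably rejected before indexing, so this harness no longer exercises that range, and applications fetching from untrusted remotes still get the unbounded default unless they set the option themselves. The same comment fits the call in download_refs_fuzzer.c; LLVMFuzzerInitialize continues outside this hunk.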